In my case, since my sites do not require non-admin logins, I simply added an IP protection to /wp-login.php. As to XML-RPC, I just unhooked it via .htaccess.
3 Likes
In my case, since my sites do not require non-admin logins, I simply added an IP protection to /wp-login.php. As to XML-RPC, I just unhooked it via .htaccess.